
Re: Wrong req_header result in cache_peer_access when using ssl_bump


 



On 07/15/2016 12:11 PM, Mihai Ene wrote:
> I have a working ssl_bump
> configuration when using direct connections. However, cache_peer and
> cache_peer_access have req_header rules which aren't followed in bumped
> connections.

If Squid has access to [fake or real] request headers, they should be
available to ACLs.


> In logs, immediately after bumping, I see attempts to read X-My-Header
> during cache_peer_access rules, and the header appears to always be
> empty and ACLs always evaluate to 0, although the same logs show the
> correct, expected X-My-Header later on, when forwarding the request.

I can think of two possibilities:

1. When debugging, you are looking at CONNECT transactions (rather than
HTTP requests inside bumped CONNECT tunnels) _and_ your CONNECT
transactions do not have X-My-Header.

2. It is a bug you should report.

If there is an X-My-Header in CONNECT transactions that your Squid
receives, see #2. Otherwise, see #1. You can use Wireshark or Squid
ALL,2 debugging to see CONNECT headers that Squid receives.

The above assumes you are not intercepting SSL connections and are not
dynamically adding X-My-Header to the received requests.


HTH,

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
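
The check suggested in the reply above, as an added example that is not part of the original message or of Squid: it sorts captured request heads into CONNECT transactions and requests inside the bumped tunnel, and maps each CONNECT to possibility 1 or 2. The input layout (request heads separated by blank lines), the sample values and the function names are assumptions made for this sketch.

```python
# Constructed sample: request heads as they might be copied out of a packet
# capture or a debug log, separated by blank lines. Not real Squid output.
SAMPLE = """\
CONNECT www.example.com:443 HTTP/1.1
Host: www.example.com:443
User-Agent: curl/7.47.0

GET /index.html HTTP/1.1
Host: www.example.com
X-My-Header: route-a
"""

def parse_heads(text):
    """Return a (method, target, headers) tuple for each request head found."""
    heads = []
    for block in text.replace("\r\n", "\n").split("\n\n"):
        lines = [l for l in block.split("\n") if l.strip()]
        if not lines:
            continue
        parts = lines[0].split()
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            continue  # first line is not an HTTP request line, skip the block
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        heads.append((parts[0].upper(), parts[1], headers))
    return heads

def triage(text, header="X-My-Header"):
    """Label each request with what it says about the two possibilities."""
    results = []
    for method, target, headers in parse_heads(text):
        present = header.lower() in headers
        if method != "CONNECT":
            verdict = "inner request, header " + ("present" if present else "absent")
        elif present:
            verdict = "CONNECT carries the header: possibility 2"
        else:
            verdict = "CONNECT lacks the header: possibility 1"
        results.append((method, target, verdict))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="  ")
```
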



